Title
Catching Falling Dominoes: Cloud Management-Level Provenance Analysis with Application to OpenStack
Abstract
The dynamicity and complexity of clouds highlight the importance of automated root cause analysis solutions for explaining what might have caused a security incident. Most existing works focus on either locating malfunctioning cloud components, e.g., switches, or tracing changes at lower abstraction levels, e.g., system calls. On the other hand, a management-level solution can provide a big picture about the root cause in a more scalable manner. In this paper, we propose DOMINOCATCHER, a novel provenance-based solution for explaining the root cause of security incidents in terms of management operations in clouds. Specifically, we first define our provenance model to capture the interdependencies between cloud management operations, virtual resources and inputs. Based on this model, we design a framework to intercept cloud management operations and to extract and prune provenance metadata. We implement DOMINOCATCHER on the OpenStack platform as an attached middleware and validate its effectiveness using security incidents based on real-world attacks. We also evaluate the performance through experiments on our testbed, and the results demonstrate that DOMINOCATCHER incurs insignificant overhead and is scalable for clouds.
Year
2020
DOI
10.1109/CNS48642.2020.9162251
Venue
2020 IEEE Conference on Communications and Network Security (CNS)
Keywords
cloud management-level provenance analysis, dynamicity, automated root cause analysis solutions, security incident, abstraction levels, management-level solution, cloud management operations, provenance metadata, OpenStack, Dominocatcher
DocType
Conference
ISSN
2474-025X
ISBN
978-1-7281-4761-1
Citations
0
PageRank
0.34
References
16
Authors
6
Name
Order
Citations
PageRank
Azadeh Tabiban131.09
Yosr Jarraya217314.52
Mengyuan Zhang354.45
Makan Pourzandi421628.31
Lingyu Wang51440121.43
Mourad Debbabi61467144.47